{{- $externalSecretStoresEnabled := include "crossplane.externalSecretStoresEnabled" . | eq "true" -}}
{{- if $externalSecretStoresEnabled }}
---
# The reason this is created empty and filled by the init container is we want
# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
# is deleted, the secret is deleted as well.
apiVersion: v1
kind: Secret
metadata:
  name: ess-server-certs
  namespace: {{ .Release.Namespace }}
type: Opaque
{{- end }}
---
# The reason this is created empty and filled by the init container is we want
# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
# is deleted, the secret is deleted as well.
apiVersion: v1
kind: Secret
metadata:
  name: crossplane-root-ca
  namespace: {{ .Release.Namespace }}
type: Opaque
---
# The reason this is created empty and filled by the init container is we want
# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
# is deleted, the secret is deleted as well.
apiVersion: v1
kind: Secret
metadata:
  name: crossplane-tls-server
  namespace: {{ .Release.Namespace }}
type: Opaque
---
# The reason this is created empty and filled by the init container is we want
# to manage the lifecycle of the secret via Helm. This way whenever Crossplane
# is deleted, the secret is deleted as well.
apiVersion: v1
kind: Secret
metadata:
  name: crossplane-tls-client
  namespace: {{ .Release.Namespace }}
type: Opaque